1 parent
7854d38
commit 3e8d5b4
Showing
7 changed files
with
188 additions
and
4 deletions.
@@ -0,0 +1,68 @@ | ||
# -*- coding: utf-8 -*- | ||
# Copyright (c) 2023, Felix Fontein <felix@fontein.de> | ||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) | ||
# SPDX-License-Identifier: GPL-3.0-or-later | ||
|
||
from __future__ import (absolute_import, division, print_function) | ||
__metaclass__ = type | ||
|
||
DOCUMENTATION = """ | ||
name: gpg_fingerprint | ||
short_description: Retrieve a GPG fingerprint from a GPG public or private key | ||
author: Felix Fontein (@felixfontein) | ||
version_added: 2.15.0 | ||
description: | ||
- "Takes the content of a private or public GPG key as input and returns its fingerprint." | ||
options: | ||
_input: | ||
description: | ||
- The content of a GPG public or private key. | ||
type: string | ||
required: true | ||
requirements: | ||
- GnuPG (C(gpg) executable) | ||
seealso: | ||
- plugin: community.crypto.gpg_fingerprint | ||
plugin_type: lookup | ||
""" | ||
|
||
EXAMPLES = """ | ||
- name: Show fingerprint of GPG public key | ||
ansible.builtin.debug: | ||
msg: "{{ lookup('file', '/path/to/public_key.gpg') | community.crypto.gpg_fingerprint }}" | ||
""" | ||
|
||
RETURN = """ | ||
_value: | ||
description: | ||
- The fingerprint of the provided public or private GPG key. | ||
type: string | ||
""" | ||
|
||
from ansible.errors import AnsibleFilterError | ||
from ansible.module_utils.common.text.converters import to_bytes, to_native | ||
from ansible.module_utils.six import string_types | ||
|
||
from ansible_collections.community.crypto.plugins.module_utils.gnupg.cli import GPGError, get_fingerprint_from_bytes | ||
from ansible_collections.community.crypto.plugins.plugin_utils.gnupg import PluginGPGRunner | ||
|
||
|
||
def gpg_fingerprint(input): | ||
if not isinstance(input, string_types): | ||
raise AnsibleFilterError( | ||
'The input for the community.crypto.gpg_fingerprint filter must be a string; got {type} instead'.format(type=type(input)) | ||
) | ||
try: | ||
gpg = PluginGPGRunner() | ||
return get_fingerprint_from_bytes(gpg, to_bytes(input)) | ||
except GPGError as exc: | ||
raise AnsibleFilterError(to_native(exc)) | ||
|
||
|
||
class FilterModule(object): | ||
'''Ansible jinja2 filters''' | ||
|
||
def filters(self): | ||
return { | ||
'gpg_fingerprint': gpg_fingerprint, | ||
} |
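Review bot: `DOCUMENTATION` advertises private key content as valid `_input` but gives no handling guidance, even though the fingerprint is the same for both halves of the key (the integration test on this page asserts exactly that). I would add a `notes:` entry along the lines of `- "The fingerprint can be computed from the public key; when a private key is passed, set C(no_log=true) on the task so the key material is not written to logs."`. The `_input` description should also say whether ASCII-armored input is required, since the filter rejects non-strings and a binary key read through `lookup('file', ...)` as in `EXAMPLES` may not survive the text round-trip before `to_bytes(input)`. As a style point, the parameter name `input` in `gpg_fingerprint` shadows the builtin.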
@@ -0,0 +1,6 @@ | ||
# Copyright (c) Ansible Project | ||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) | ||
# SPDX-License-Identifier: GPL-3.0-or-later | ||
|
||
azp/posix/2 | ||
destructive |
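--- a/tests/integration/targets/filter_gpg_fingerprint/meta/main.yml
+++ b/tests/integration/targets/filter_gpg_fingerprint/meta/main.yml
@@ -0,0 +1,9 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+dependencies:
+- prepare_jinja2_compat
+- setup_remote_tmp_dir
+- setup_gnupg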
80 changes: 80 additions & 0 deletions
80
tests/integration/targets/filter_gpg_fingerprint/tasks/main.yml
@@ -0,0 +1,80 @@ | ||
--- | ||
# Copyright (c) Ansible Project | ||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) | ||
# SPDX-License-Identifier: GPL-3.0-or-later | ||
|
||
- name: Run tests if GPG is available | ||
when: has_gnupg | ||
block: | ||
- name: Create GPG key | ||
ansible.builtin.command: | ||
cmd: gpg --homedir "{{ remote_tmp_dir }}" --batch --generate-key | ||
stdin: | | ||
%echo Generating a basic OpenPGP key | ||
%no-ask-passphrase | ||
%no-protection | ||
Key-Type: RSA | ||
Key-Length: 4096 | ||
Name-Real: Foo Bar | ||
Name-Email: foo@bar.com | ||
Expire-Date: 0 | ||
%commit | ||
%echo done | ||
register: result | ||
|
||
- name: Extract fingerprint | ||
ansible.builtin.shell: gpg --homedir "{{ remote_tmp_dir }}" --with-colons --fingerprint foo@bar.com | grep '^fpr:' | ||
register: fingerprints | ||
|
||
- name: Show fingerprints | ||
ansible.builtin.debug: | ||
msg: "{{ fingerprints.stdout_lines | map('split', ':') | list }}" | ||
|
||
- name: Export public key | ||
ansible.builtin.command: gpg --homedir "{{ remote_tmp_dir }}" --export --armor foo@bar.com | ||
register: public_key | ||
|
||
- name: Export private key | ||
ansible.builtin.command: gpg --homedir "{{ remote_tmp_dir }}" --export-secret-key --armor foo@bar.com | ||
register: private_key | ||
|
||
- name: Gather fingerprints | ||
ansible.builtin.set_fact: | ||
public_key_fingerprint: "{{ public_key.stdout | community.crypto.gpg_fingerprint }}" | ||
private_key_fingerprint: "{{ private_key.stdout | community.crypto.gpg_fingerprint }}" | ||
|
||
- name: Check whether fingerprints match | ||
ansible.builtin.assert: | ||
that: | ||
- public_key_fingerprint == (fingerprints.stdout_lines[0] | split(':'))[9] | ||
- private_key_fingerprint == (fingerprints.stdout_lines[0] | split(':'))[9] | ||
|
||
- name: Error scenario - wrong input type | ||
ansible.builtin.set_fact: | ||
failing_result: "{{ 42 | community.crypto.gpg_fingerprint }}" | ||
register: result | ||
ignore_errors: true | ||
|
||
- name: Check result | ||
ansible.builtin.assert: | ||
that: | ||
- result is failed | ||
- >- | ||
'The input for the community.crypto.gpg_fingerprint filter must be a string; got ' in result.msg | ||
- >- | ||
'int' in result.msg | ||
- name: Error scenario - garbage input | ||
ansible.builtin.set_fact: | ||
failing_result: "{{ 'garbage' | community.crypto.gpg_fingerprint }}" | ||
register: result | ||
ignore_errors: true | ||
|
||
- name: Check result | ||
ansible.builtin.assert: | ||
that: | ||
- result is failed | ||
- >- | ||
'Running ' in result.msg | ||
- >- | ||
('/gpg --no-keyring --with-colons --import-options show-only --import /dev/stdin yielded return code ') in result.msg |
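Review bot: The last assertion in the garbage-input scenario pins the literal gpg argument list (`--no-keyring --with-colons --import-options show-only --import /dev/stdin`), which ties the test to how the runner invokes gpg rather than to the filter's contract. Checking `result is failed` together with the `yielded return code` fragment would still prove that the gpg failure is surfaced as a filter error. Every task also sits under `when: has_gnupg`, so on a host where that fact is false the target passes without exercising the filter at all.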